Mon. Apr 29, 2024

FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data

Krebs on Security

The U.S. Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers — including AT&T, Sprint, T-Mobile and Verizon — for illegally sharing access to customers’ location information without consent. The fines mark the culmination of a more than four-year investigation into the actions of the major carriers.

Whale Song Code

Schneier on Security

During the Cold War, the US Navy tried to make a secret code out of whale song. The basic plan was to develop coded messages from recordings of whales, dolphins, sea lions, and seals. The submarine would broadcast the noises and a computer—the Combo Signal Recognizer (CSR)—would detect the specific patterns and decode them on the other end.

China-Linked 'Muddling Meerkat' Hijacks DNS to Map Internet on Global Scale

The Hacker News

A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and conduct reconnaissance of networks across the world since October 2019.

Stealthy ‘DarkGate’ Trojan Abuses AutoHotkey, Evades Defender

Penetration Testing

McAfee Labs has recently unveiled a sophisticated cyber threat known as DarkGate, which uses advanced tactics to exploit the AutoHotkey utility and evade Microsoft Defender SmartScreen. This discovery outlines a critical escalation in cyber...

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

They say a defense can be measured by its weakest link. In your cybersecurity posture, what––or who––is the weakest link? And how can you make them stronger? This webinar will equip you with the resources to search for quality training, implement it, and improve the cyber-behaviors of your workforce. By the end of the hour, you will feel empowered to improve the aspects of your security posture you control the least – the situational awareness and decision-making of your workforce.

USPS Phishing Scams Generate Almost as Much Traffic as the Real Site

Security Boulevard

Smishing is hard to stamp out. Worse, bogus domains surpass the legitimate one during the holiday season, when more people expect packages.

New R Vulnerability CVE-2024-27322: Code Execution Risk in Data Files

Penetration Testing

Researchers from HiddenLayer have discovered a significant vulnerability in the R programming language, tracked as CVE-2024-27322, that exposes users to arbitrary code execution through deserialized data. This security flaw, centered around the R Data...

More Trending

MailCleaner Vulnerabilities Allow Remote Code Execution

Penetration Testing

In a critical security report released on April 29, 2024, the cybersecurity research team at Modzero unveiled a series of severe vulnerabilities in MailCleaner, a widely-used email filtering appliance designed to protect against spam,...

Collection agency FBCS warns data breach impacts 1.9 million people

Bleeping Computer

Financial Business and Consumer Solutions (FBCS) is warning 1,955,385 impacted individuals in the United States that the company suffered a data breach after discovering unauthorized access to specific systems in its network.

South Korean iPhone Ban: MDM DMZ PDQ

Security Boulevard

MDM Hindered: Android phones are still OK; this is Samsung’s home, after all.

Muddling Meerkat hackers manipulate DNS using China’s Great Firewall

Bleeping Computer

A new cluster of activity tracked as "Muddling Meerkat" is believed to be linked to a Chinese state-sponsored threat actor's manipulation of DNS to probe networks globally since October 2019, with a spike in activity observed in September 2023.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024

The Hacker News

The U.K. National Cyber Security Centre (NCSC) is calling on manufacturers of smart devices to comply with new legislation that prohibits them from using default passwords, effective April 29, 2024.

Ant Media Server Flaw Grants Local Users Root Access (CVE-2024-32656)

Penetration Testing

A serious security vulnerability in Ant Media Server, a popular streaming solution used by thousands of organizations, has been uncovered by the Praetorian red team. This vulnerability, designated CVE-2024-32656, stems from a misconfiguration that...

Compounded Crisis: Change Healthcare’s Breach Escalates with New Threats

Security Boulevard

Two months ago, Change Healthcare, a linchpin in the U.S. healthcare system, fell victim to a sophisticated cyberattack by the infamous BlackCat/ALPHV ransomware group. The breach not only paralyzed numerous healthcare services but also exposed the company to extortion demands, underlining severe vulnerabilities in the healthcare sector’s cybersecurity framework.

Avast Faces $14.8 Million Penalty for Data Protection Violations

Penetration Testing

Czech cybersecurity software leader Avast has been hit with a hefty $14.8 million fine by the Czech Republic’s Office for Personal Data Protection (ÚOOÚ) for alleged violations of the European Union’s General Data Protection...

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023

The Hacker News

Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year. The tech giant also said it blocked 333,000 bad accounts from the app storefront in 2023 for attempting to distribute malware or for repeated policy violations.

Ensuring RBI Compliance: Crucial Cybersecurity Measures to Protect Financial Standing

Security Boulevard

The rise of digital technology has provided great convenience to the banking sector, but it has also opened up the doors to cyber attacks. A recent incident at a well-known Indian bank acts as a wake-up call, emphasizing the need for a strong cybersecurity framework. The incident was mentioned in the Reserve Bank of India’s […] The post Ensuring RBI Compliance: Crucial Cybersecurity Measures to Protect Financial Standing appeared first on Kratikal Blogs.

Stealthy New Android Trojan Disguised as Popular Apps Steals Your Data

Penetration Testing

A sophisticated new Android malware threat is making the rounds, and its methods are alarmingly effective. The SonicWall Capture Labs threat research team has identified a sophisticated new Remote Access Trojan (RAT) targeting Android...

Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover

The Hacker News

Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

The Los Angeles County Department of Health Services disclosed a data breach

Security Affairs

The Los Angeles County Department of Health Services reported a data breach that exposed thousands of patients’ personal and health information. The Los Angeles County Department of Health Services disclosed a data breach that impacted thousands of patients. Patients’ personal and health information was exposed after a phishing attack impacted over two dozen employees.

Microsoft fixes bug behind incorrect BitLocker encryption errors

Bleeping Computer

Microsoft has fixed a known issue causing incorrect BitLocker drive encryption errors in some managed Windows environments.

Coffee with the Council Podcast: Help Shape the Future of Payment Security as a PCI SSC Participating Organization

PCI perspectives

Welcome to our podcast series, Coffee with the Council. I'm Alicia Malone, Senior Manager of Public Relations for the PCI Security Standards Council. At our Community Meetings in 2022, the Council announced a significant change to its Participating Organization program. Today, I am joined by the Council's Senior Vice President of Education and Engagement, Mark Meissner who has been spearheading this effort, and is going to talk about some of these changes over the past couple of years, and how t

Continuous Risk Assessments Unify Healthcare Cybersecurity 

Security Boulevard

Welcome to Axio’s series on cybersecurity for healthcare providers, where we share expert insights and practical advice tailored to the unique security needs of the medical sector. Our aim is ... The post Continuous Risk Assessments Unify Healthcare Cybersecurity appeared first on Axio.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

USPS Impersonation Scams Surge: Fake Domains Rival Real USPS Website in Traffic

Penetration Testing

A disturbing new report by Akamai security researchers highlights the shocking scale of phishing scams impersonating the United States Postal Service (USPS). These cybercriminals have become so sophisticated that their malicious websites designed to...

FBI warns of fake verification schemes targeting dating app users

Bleeping Computer

The FBI is warning of fake verification schemes promoted by fraudsters on online dating platforms that lead to costly recurring subscription charges.

Financial Business and Consumer Solutions (FBCS) data breach impacted 2M individuals

Security Affairs

Financial Business and Consumer Solutions (FBCS) suffered a data breach that exposed the information of 2 million individuals. Debt collection agency Financial Business and Consumer Solutions (FBCS) disclosed a data breach that may have impacted 1,955,385 individuals. FBCS, a third-party debt collection agency, collects personal information from its clients to facilitate debt collection activities on behalf of those clients.

Kaiser health insurance leaked patient data to advertisers

Malwarebytes

Health insurance giant Kaiser has announced it will notify millions of patients about a data breach after sharing patients’ data with advertisers. Kaiser said that an investigation led to the discovery that “certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Google rejected 2.28 million risky Android apps from Play store in 2023

Bleeping Computer

Google blocked 2.28 million Android apps from being published on Google Play after finding various policy violations that could threaten users' security.

Google prevented 2.28 million policy-violating apps from being published on Google Play in 2023

Security Affairs

Google announced they have prevented 2.28 million policy-violating apps from being published in the official Google Play. Google announced that in 2023, they have prevented 2.28 million policy-violating apps from being published on Google Play. This amazing result was possible thanks to the introduction of enhanced security features, policy updates, and advanced machine learning and app review processes.

Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

The Hacker News

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge.

The FCC imposes $200 million in fines on four US carriers for unlawfully sharing user location data

Security Affairs

The Federal Communications Commission (FCC) fined the largest U.S. wireless carriers $200 million for sharing customers’ real-time location data without consent. The FCC has fined four major U.S. wireless carriers nearly $200 million for unlawfully selling access to real-time location data of their customers without consent. The fines come as a result of the Notices of Apparent Liability (NAL) issued by the FCC against AT&T, Sprint, T-Mobile, and Verizon in February 2020.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?